package org.elasticsearch.xpack.core.security.authz.privilege;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;
import org.apache.lucene.util.automaton.Automaton;
import org.elasticsearch.action.admin.cluster.node.liveness.TransportLivenessAction;
import org.elasticsearch.action.admin.cluster.repositories.get.GetRepositoriesAction;
import org.elasticsearch.action.admin.cluster.snapshots.create.CreateSnapshotAction;
import org.elasticsearch.action.admin.cluster.snapshots.get.GetSnapshotsAction;
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotsStatusAction;
import org.elasticsearch.action.admin.cluster.state.ClusterStateAction;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.xpack.core.indexlifecycle.action.GetLifecycleAction;
import org.elasticsearch.xpack.core.indexlifecycle.action.GetStatusAction;
import org.elasticsearch.xpack.core.security.action.token.InvalidateTokenAction;
import org.elasticsearch.xpack.core.security.action.token.RefreshTokenAction;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesAction;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.AllExpression;
import org.elasticsearch.xpack.core.security.support.Automatons;

/* loaded from: input_file:lib/x-pack-core-6.8.15.jar:org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilege.class */
public final class ClusterPrivilege extends Privilege {
    private static final Automaton MANAGE_SECURITY_AUTOMATON = Automatons.patterns("cluster:admin/xpack/security/*");
    private static final Automaton MANAGE_SAML_AUTOMATON = Automatons.patterns("cluster:admin/xpack/security/saml/*", InvalidateTokenAction.NAME, RefreshTokenAction.NAME);
    private static final Automaton MANAGE_TOKEN_AUTOMATON = Automatons.patterns("cluster:admin/xpack/security/token/*");
    private static final Automaton MONITOR_AUTOMATON = Automatons.patterns("cluster:monitor/*");
    private static final Automaton MONITOR_ML_AUTOMATON = Automatons.patterns("cluster:monitor/xpack/ml/*");
    private static final Automaton MONITOR_WATCHER_AUTOMATON = Automatons.patterns("cluster:monitor/xpack/watcher/*");
    private static final Automaton MONITOR_ROLLUP_AUTOMATON = Automatons.patterns("cluster:monitor/xpack/rollup/*");
    private static final Automaton ALL_CLUSTER_AUTOMATON = Automatons.patterns("cluster:*", "indices:admin/template/*");
    private static final Automaton MANAGE_AUTOMATON = Automatons.minusAndMinimize(ALL_CLUSTER_AUTOMATON, MANAGE_SECURITY_AUTOMATON);
    private static final Automaton MANAGE_ML_AUTOMATON = Automatons.patterns("cluster:admin/xpack/ml/*", "cluster:monitor/xpack/ml/*");
    private static final Automaton MANAGE_WATCHER_AUTOMATON = Automatons.patterns("cluster:admin/xpack/watcher/*", "cluster:monitor/xpack/watcher/*");
    private static final Automaton TRANSPORT_CLIENT_AUTOMATON = Automatons.patterns(TransportLivenessAction.NAME, ClusterStateAction.NAME);
    private static final Automaton MANAGE_IDX_TEMPLATE_AUTOMATON = Automatons.patterns("indices:admin/template/*");
    private static final Automaton MANAGE_INGEST_PIPELINE_AUTOMATON = Automatons.patterns("cluster:admin/ingest/pipeline/*");
    private static final Automaton MANAGE_ROLLUP_AUTOMATON = Automatons.patterns("cluster:admin/xpack/rollup/*", "cluster:monitor/xpack/rollup/*");
    private static final Automaton MANAGE_CCR_AUTOMATON = Automatons.patterns("cluster:admin/xpack/ccr/*", ClusterStateAction.NAME, HasPrivilegesAction.NAME);
    private static final Automaton CREATE_SNAPSHOT_AUTOMATON = Automatons.patterns(CreateSnapshotAction.NAME, "cluster:admin/snapshot/status*", GetSnapshotsAction.NAME, SnapshotsStatusAction.NAME, GetRepositoriesAction.NAME);
    private static final Automaton READ_CCR_AUTOMATON = Automatons.patterns(ClusterStateAction.NAME, HasPrivilegesAction.NAME);
    private static final Automaton MANAGE_ILM_AUTOMATON = Automatons.patterns("cluster:admin/ilm/*");
    private static final Automaton READ_ILM_AUTOMATON = Automatons.patterns(GetLifecycleAction.NAME, GetStatusAction.NAME);
    public static final ClusterPrivilege NONE = new ClusterPrivilege("none", Automatons.EMPTY);
    public static final ClusterPrivilege ALL = new ClusterPrivilege(AllExpression.NAME, ALL_CLUSTER_AUTOMATON);
    public static final ClusterPrivilege MONITOR = new ClusterPrivilege("monitor", MONITOR_AUTOMATON);
    public static final ClusterPrivilege MONITOR_ML = new ClusterPrivilege("monitor_ml", MONITOR_ML_AUTOMATON);
    public static final ClusterPrivilege MONITOR_WATCHER = new ClusterPrivilege("monitor_watcher", MONITOR_WATCHER_AUTOMATON);
    public static final ClusterPrivilege MONITOR_ROLLUP = new ClusterPrivilege("monitor_rollup", MONITOR_ROLLUP_AUTOMATON);
    public static final ClusterPrivilege MANAGE = new ClusterPrivilege("manage", MANAGE_AUTOMATON);
    public static final ClusterPrivilege MANAGE_ML = new ClusterPrivilege("manage_ml", MANAGE_ML_AUTOMATON);
    public static final ClusterPrivilege MANAGE_TOKEN = new ClusterPrivilege("manage_token", MANAGE_TOKEN_AUTOMATON);
    public static final ClusterPrivilege MANAGE_WATCHER = new ClusterPrivilege("manage_watcher", MANAGE_WATCHER_AUTOMATON);
    public static final ClusterPrivilege MANAGE_ROLLUP = new ClusterPrivilege("manage_rollup", MANAGE_ROLLUP_AUTOMATON);
    public static final ClusterPrivilege MANAGE_IDX_TEMPLATES = new ClusterPrivilege("manage_index_templates", MANAGE_IDX_TEMPLATE_AUTOMATON);
    public static final ClusterPrivilege MANAGE_INGEST_PIPELINES = new ClusterPrivilege("manage_ingest_pipelines", MANAGE_INGEST_PIPELINE_AUTOMATON);
    public static final ClusterPrivilege TRANSPORT_CLIENT = new ClusterPrivilege(TransportClient.TRANSPORT_CLIENT_FEATURE, TRANSPORT_CLIENT_AUTOMATON);
    public static final ClusterPrivilege MANAGE_SECURITY = new ClusterPrivilege("manage_security", MANAGE_SECURITY_AUTOMATON);
    public static final ClusterPrivilege MANAGE_SAML = new ClusterPrivilege("manage_saml", MANAGE_SAML_AUTOMATON);
    public static final ClusterPrivilege MANAGE_PIPELINE = new ClusterPrivilege("manage_pipeline", "cluster:admin/ingest/pipeline/*");
    public static final ClusterPrivilege MANAGE_CCR = new ClusterPrivilege("manage_ccr", MANAGE_CCR_AUTOMATON);
    public static final ClusterPrivilege READ_CCR = new ClusterPrivilege("read_ccr", READ_CCR_AUTOMATON);
    public static final ClusterPrivilege CREATE_SNAPSHOT = new ClusterPrivilege("create_snapshot", CREATE_SNAPSHOT_AUTOMATON);
    public static final ClusterPrivilege MANAGE_ILM = new ClusterPrivilege("manage_ilm", MANAGE_ILM_AUTOMATON);
    public static final ClusterPrivilege READ_ILM = new ClusterPrivilege("read_ilm", READ_ILM_AUTOMATON);
    public static final Predicate<String> ACTION_MATCHER = ALL.predicate();
    private static final Map<String, ClusterPrivilege> VALUES = MapBuilder.newMapBuilder().put("none", NONE).put(AllExpression.NAME, ALL).put("monitor", MONITOR).put("monitor_ml", MONITOR_ML).put("monitor_watcher", MONITOR_WATCHER).put("monitor_rollup", MONITOR_ROLLUP).put("manage", MANAGE).put("manage_ml", MANAGE_ML).put("manage_token", MANAGE_TOKEN).put("manage_watcher", MANAGE_WATCHER).put("manage_index_templates", MANAGE_IDX_TEMPLATES).put("manage_ingest_pipelines", MANAGE_INGEST_PIPELINES).put(TransportClient.TRANSPORT_CLIENT_FEATURE, TRANSPORT_CLIENT).put("manage_security", MANAGE_SECURITY).put("manage_saml", MANAGE_SAML).put("manage_pipeline", MANAGE_PIPELINE).put("manage_rollup", MANAGE_ROLLUP).put("manage_ccr", MANAGE_CCR).put("read_ccr", READ_CCR).put("create_snapshot", CREATE_SNAPSHOT).put("manage_ilm", MANAGE_ILM).put("read_ilm", READ_ILM).immutableMap();
    private static final ConcurrentHashMap<Set<String>, ClusterPrivilege> CACHE = new ConcurrentHashMap<>();

    private ClusterPrivilege(String str, String... strArr) {
        super(str, strArr);
    }

    private ClusterPrivilege(String str, Automaton automaton) {
        super((Set<String>) Collections.singleton(str), automaton);
    }

    private ClusterPrivilege(Set<String> set, Automaton automaton) {
        super(set, automaton);
    }

    public static ClusterPrivilege get(Set<String> set) {
        return (set == null || set.isEmpty()) ? NONE : CACHE.computeIfAbsent(set, ClusterPrivilege::resolve);
    }

    private static ClusterPrivilege resolve(Set<String> set) {
        int size = set.size();
        if (size == 0) {
            throw new IllegalArgumentException("empty set should not be used");
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String lowerCase = it.next().toLowerCase(Locale.ROOT);
            if (ACTION_MATCHER.test(lowerCase)) {
                hashSet.add(actionToPattern(lowerCase));
            } else {
                ClusterPrivilege clusterPrivilege = VALUES.get(lowerCase);
                if (clusterPrivilege != null && size == 1) {
                    return clusterPrivilege;
                }
                if (clusterPrivilege == null) {
                    throw new IllegalArgumentException("unknown cluster privilege [" + set + "]. a privilege must be either one of the predefined fixed cluster privileges [" + Strings.collectionToCommaDelimitedString(VALUES.entrySet()) + "] or a pattern over one of the available cluster actions");
                }
                hashSet2.add(clusterPrivilege.automaton);
            }
        }
        if (!hashSet.isEmpty()) {
            hashSet2.add(Automatons.patterns(hashSet));
        }
        return new ClusterPrivilege(set, Automatons.unionAndMinimize(hashSet2));
    }
}
