package org.elasticsearch.xpack.core.security.authz.privilege;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;
import org.apache.lucene.util.automaton.Automaton;
import org.elasticsearch.action.admin.cluster.shards.ClusterSearchShardsAction;
import org.elasticsearch.action.admin.indices.alias.exists.AliasesExistAction;
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesAction;
import org.elasticsearch.action.admin.indices.create.CreateIndexAction;
import org.elasticsearch.action.admin.indices.delete.DeleteIndexAction;
import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsAction;
import org.elasticsearch.action.admin.indices.exists.types.TypesExistsAction;
import org.elasticsearch.action.admin.indices.get.GetIndexAction;
import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsAction;
import org.elasticsearch.action.admin.indices.mapping.put.PutMappingAction;
import org.elasticsearch.action.admin.indices.settings.get.GetSettingsAction;
import org.elasticsearch.client.security.user.privileges.Role;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.xpack.core.ccr.action.PutFollowAction;
import org.elasticsearch.xpack.core.ccr.action.UnfollowAction;
import org.elasticsearch.xpack.core.indexlifecycle.action.ExplainLifecycleAction;
import org.elasticsearch.xpack.core.security.support.Automatons;

/* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.class */
public final class IndexPrivilege extends Privilege {
    private static final Automaton ALL_AUTOMATON = Automatons.patterns("indices:*", "internal:transport/proxy/indices:*");
    private static final Automaton READ_AUTOMATON = Automatons.patterns("indices:data/read/*");
    private static final Automaton READ_CROSS_CLUSTER_AUTOMATON = Automatons.patterns("internal:transport/proxy/indices:data/read/*", ClusterSearchShardsAction.NAME);
    private static final Automaton CREATE_AUTOMATON = Automatons.patterns("indices:data/write/index*", "indices:data/write/bulk*", PutMappingAction.NAME);
    private static final Automaton INDEX_AUTOMATON = Automatons.patterns("indices:data/write/index*", "indices:data/write/bulk*", "indices:data/write/update*", PutMappingAction.NAME);
    private static final Automaton DELETE_AUTOMATON = Automatons.patterns("indices:data/write/delete*", "indices:data/write/bulk*");
    private static final Automaton WRITE_AUTOMATON = Automatons.patterns("indices:data/write/*", PutMappingAction.NAME);
    private static final Automaton MONITOR_AUTOMATON = Automatons.patterns("indices:monitor/*");
    private static final Automaton MANAGE_AUTOMATON = Automatons.unionAndMinimize(Arrays.asList(MONITOR_AUTOMATON, Automatons.patterns("indices:admin/*")));
    private static final Automaton CREATE_INDEX_AUTOMATON = Automatons.patterns(CreateIndexAction.NAME);
    private static final Automaton DELETE_INDEX_AUTOMATON = Automatons.patterns(DeleteIndexAction.NAME);
    private static final Automaton VIEW_METADATA_AUTOMATON = Automatons.patterns(GetAliasesAction.NAME, AliasesExistAction.NAME, GetIndexAction.NAME, IndicesExistsAction.NAME, "indices:admin/mappings/fields/get*", GetMappingsAction.NAME, ClusterSearchShardsAction.NAME, TypesExistsAction.NAME, "indices:admin/validate/query*", GetSettingsAction.NAME, ExplainLifecycleAction.NAME);
    private static final Automaton MANAGE_FOLLOW_INDEX_AUTOMATON = Automatons.patterns(PutFollowAction.NAME, UnfollowAction.NAME, "indices:admin/close*");
    private static final Automaton MANAGE_LEADER_INDEX_AUTOMATON = Automatons.patterns("indices:admin/xpack/ccr/forget_follower*");
    private static final Automaton MANAGE_ILM_AUTOMATON = Automatons.patterns("indices:admin/ilm/*");
    public static final IndexPrivilege NONE = new IndexPrivilege("none", Automatons.EMPTY);
    public static final IndexPrivilege ALL = new IndexPrivilege("all", ALL_AUTOMATON);
    public static final IndexPrivilege READ = new IndexPrivilege(Role.IndexPrivilegeName.READ, READ_AUTOMATON);
    public static final IndexPrivilege READ_CROSS_CLUSTER = new IndexPrivilege(Role.IndexPrivilegeName.READ_CROSS, READ_CROSS_CLUSTER_AUTOMATON);
    public static final IndexPrivilege CREATE = new IndexPrivilege(Role.IndexPrivilegeName.CREATE, CREATE_AUTOMATON);
    public static final IndexPrivilege INDEX = new IndexPrivilege("index", INDEX_AUTOMATON);
    public static final IndexPrivilege DELETE = new IndexPrivilege("delete", DELETE_AUTOMATON);
    public static final IndexPrivilege WRITE = new IndexPrivilege("write", WRITE_AUTOMATON);
    public static final IndexPrivilege MONITOR = new IndexPrivilege("monitor", MONITOR_AUTOMATON);
    public static final IndexPrivilege MANAGE = new IndexPrivilege("manage", MANAGE_AUTOMATON);
    public static final IndexPrivilege DELETE_INDEX = new IndexPrivilege(Role.IndexPrivilegeName.DELETE_INDEX, DELETE_INDEX_AUTOMATON);
    public static final IndexPrivilege CREATE_INDEX = new IndexPrivilege(Role.IndexPrivilegeName.CREATE_INDEX, CREATE_INDEX_AUTOMATON);
    public static final IndexPrivilege VIEW_METADATA = new IndexPrivilege(Role.IndexPrivilegeName.VIEW_INDEX_METADATA, VIEW_METADATA_AUTOMATON);
    public static final IndexPrivilege MANAGE_FOLLOW_INDEX = new IndexPrivilege(Role.IndexPrivilegeName.MANAGE_FOLLOW_INDEX, MANAGE_FOLLOW_INDEX_AUTOMATON);
    public static final IndexPrivilege MANAGE_LEADER_INDEX = new IndexPrivilege("manage_leader_index", MANAGE_LEADER_INDEX_AUTOMATON);
    public static final IndexPrivilege MANAGE_ILM = new IndexPrivilege("manage_ilm", MANAGE_ILM_AUTOMATON);
    private static final Map<String, IndexPrivilege> VALUES = MapBuilder.newMapBuilder().put("none", NONE).put("all", ALL).put("manage", MANAGE).put(Role.IndexPrivilegeName.CREATE_INDEX, CREATE_INDEX).put("monitor", MONITOR).put(Role.IndexPrivilegeName.READ, READ).put("index", INDEX).put("delete", DELETE).put("write", WRITE).put(Role.IndexPrivilegeName.CREATE, CREATE).put(Role.IndexPrivilegeName.DELETE_INDEX, DELETE_INDEX).put(Role.IndexPrivilegeName.VIEW_INDEX_METADATA, VIEW_METADATA).put(Role.IndexPrivilegeName.READ_CROSS, READ_CROSS_CLUSTER).put(Role.IndexPrivilegeName.MANAGE_FOLLOW_INDEX, MANAGE_FOLLOW_INDEX).put("manage_leader_index", MANAGE_LEADER_INDEX).put("manage_ilm", MANAGE_ILM).immutableMap();
    public static final Predicate<String> ACTION_MATCHER = ALL.predicate();
    public static final Predicate<String> CREATE_INDEX_MATCHER = CREATE_INDEX.predicate();
    private static final ConcurrentHashMap<Set<String>, IndexPrivilege> CACHE = new ConcurrentHashMap<>();

    private IndexPrivilege(String str, Automaton automaton) {
        super((Set<String>) Collections.singleton(str), automaton);
    }

    private IndexPrivilege(Set<String> set, Automaton automaton) {
        super(set, automaton);
    }

    public static IndexPrivilege get(Set<String> set) {
        return CACHE.computeIfAbsent(set, set2 -> {
            return set2.isEmpty() ? NONE : resolve(set2);
        });
    }

    private static IndexPrivilege resolve(Set<String> set) {
        int size = set.size();
        if (size == 0) {
            throw new IllegalArgumentException("empty set should not be used");
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String lowerCase = it.next().toLowerCase(Locale.ROOT);
            if (ACTION_MATCHER.test(lowerCase)) {
                hashSet.add(actionToPattern(lowerCase));
            } else {
                IndexPrivilege indexPrivilege = VALUES.get(lowerCase);
                if (indexPrivilege != null && size == 1) {
                    return indexPrivilege;
                }
                if (indexPrivilege == null) {
                    throw new IllegalArgumentException("unknown index privilege [" + lowerCase + "]. a privilege must be either one of the predefined fixed indices privileges [" + Strings.collectionToCommaDelimitedString(VALUES.entrySet()) + "] or a pattern over one of the available index actions");
                }
                hashSet2.add(indexPrivilege.automaton);
            }
        }
        if (!hashSet.isEmpty()) {
            hashSet2.add(Automatons.patterns(hashSet));
        }
        return new IndexPrivilege(set, Automatons.unionAndMinimize(hashSet2));
    }

    static Map<String, IndexPrivilege> values() {
        return VALUES;
    }

    public static Set<String> names() {
        return Collections.unmodifiableSet(VALUES.keySet());
    }
}
