package org.elasticsearch.xpack.core.security.authz.privilege;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentParseException;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xpack.core.security.action.privilege.ApplicationPrivilegesRequest;
import org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivilege;
import org.elasticsearch.xpack.core.security.support.Automatons;
import org.elasticsearch.xpack.core.security.xcontent.XContentUtils;

/* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/xpack/core/security/authz/privilege/ConditionalClusterPrivileges.class */
public final class ConditionalClusterPrivileges {
    public static final ConditionalClusterPrivilege[] EMPTY_ARRAY = new ConditionalClusterPrivilege[0];
    public static final Writeable.Reader<ConditionalClusterPrivilege> READER = streamInput -> {
        return (ConditionalClusterPrivilege) streamInput.readNamedWriteable(ConditionalClusterPrivilege.class);
    };
    public static final Writeable.Writer<ConditionalClusterPrivilege> WRITER = (streamOutput, conditionalClusterPrivilege) -> {
        streamOutput.writeNamedWriteable(conditionalClusterPrivilege);
    };

    /* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/xpack/core/security/authz/privilege/ConditionalClusterPrivileges$ManageApplicationPrivileges.class */
    public static class ManageApplicationPrivileges implements ConditionalClusterPrivilege {
        private static final ClusterPrivilege PRIVILEGE = ClusterPrivilege.get(Collections.singleton("cluster:admin/xpack/security/privilege/*"));
        public static final String WRITEABLE_NAME = "manage-application-privileges";
        private final Set<String> applicationNames;
        private final Predicate<String> applicationPredicate;
        private final Predicate<TransportRequest> requestPredicate = transportRequest -> {
            if (!(transportRequest instanceof ApplicationPrivilegesRequest)) {
                return false;
            }
            Collection<String> applicationNames = ((ApplicationPrivilegesRequest) transportRequest).getApplicationNames();
            return applicationNames.isEmpty() ? this.applicationNames.contains("*") : applicationNames.stream().allMatch(str -> {
                return this.applicationPredicate.test(str);
            });
        };

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/xpack/core/security/authz/privilege/ConditionalClusterPrivileges$ManageApplicationPrivileges$Fields.class */
        public interface Fields {
            public static final ParseField MANAGE = new ParseField("manage", new String[0]);
            public static final ParseField APPLICATIONS = new ParseField("applications", new String[0]);
        }

        public ManageApplicationPrivileges(Set<String> set) {
            this.applicationNames = Collections.unmodifiableSet(set);
            this.applicationPredicate = Automatons.predicate(set);
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivilege
        public ConditionalClusterPrivilege.Category getCategory() {
            return ConditionalClusterPrivilege.Category.APPLICATION;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivilege
        public ClusterPrivilege getPrivilege() {
            return PRIVILEGE;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivilege
        public Predicate<TransportRequest> getRequestPredicate() {
            return this.requestPredicate;
        }

        public Collection<String> getApplicationNames() {
            return Collections.unmodifiableCollection(this.applicationNames);
        }

        @Override // org.elasticsearch.common.io.stream.NamedWriteable
        public String getWriteableName() {
            return WRITEABLE_NAME;
        }

        @Override // org.elasticsearch.common.io.stream.Writeable
        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeCollection(this.applicationNames, (v0, v1) -> {
                v0.writeString(v1);
            });
        }

        public static ManageApplicationPrivileges createFrom(StreamInput streamInput) throws IOException {
            return new ManageApplicationPrivileges(streamInput.readSet((v0) -> {
                return v0.readString();
            }));
        }

        @Override // org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivilege, org.elasticsearch.common.xcontent.ToXContent
        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            return xContentBuilder.field(Fields.MANAGE.getPreferredName(), Collections.singletonMap(Fields.APPLICATIONS.getPreferredName(), this.applicationNames));
        }

        public static ManageApplicationPrivileges parse(XContentParser xContentParser) throws IOException {
            ConditionalClusterPrivileges.expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            ConditionalClusterPrivileges.expectFieldName(xContentParser, Fields.MANAGE);
            ConditionalClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_OBJECT);
            ConditionalClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            ConditionalClusterPrivileges.expectFieldName(xContentParser, Fields.APPLICATIONS);
            ConditionalClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_ARRAY);
            String[] readStringArray = XContentUtils.readStringArray(xContentParser, false);
            ConditionalClusterPrivileges.expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.END_OBJECT);
            return new ManageApplicationPrivileges(new LinkedHashSet(Arrays.asList(readStringArray)));
        }

        public String toString() {
            return "{" + getCategory() + ParameterizedMessage.ERROR_MSG_SEPARATOR + Fields.MANAGE.getPreferredName() + ParameterizedMessage.ERROR_MSG_SEPARATOR + Fields.APPLICATIONS.getPreferredName() + "=" + Strings.collectionToDelimitedString(this.applicationNames, ",") + "}";
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.applicationNames.equals(((ManageApplicationPrivileges) obj).applicationNames);
        }

        public int hashCode() {
            return this.applicationNames.hashCode();
        }
    }

    private ConditionalClusterPrivileges() {
    }

    public static ConditionalClusterPrivilege[] readArray(StreamInput streamInput) throws IOException {
        return (ConditionalClusterPrivilege[]) streamInput.readArray(READER, i -> {
            return new ConditionalClusterPrivilege[i];
        });
    }

    public static void writeArray(StreamOutput streamOutput, ConditionalClusterPrivilege[] conditionalClusterPrivilegeArr) throws IOException {
        streamOutput.writeArray(WRITER, conditionalClusterPrivilegeArr);
    }

    public static XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params, Collection<ConditionalClusterPrivilege> collection) throws IOException {
        xContentBuilder.startObject();
        for (ConditionalClusterPrivilege.Category category : ConditionalClusterPrivilege.Category.values()) {
            xContentBuilder.startObject(category.field.getPreferredName());
            for (ConditionalClusterPrivilege conditionalClusterPrivilege : collection) {
                if (category == conditionalClusterPrivilege.getCategory()) {
                    conditionalClusterPrivilege.toXContent(xContentBuilder, params);
                }
            }
            xContentBuilder.endObject();
        }
        return xContentBuilder.endObject();
    }

    public static List<ConditionalClusterPrivilege> parse(XContentParser xContentParser) throws IOException {
        ArrayList arrayList = new ArrayList();
        expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.START_OBJECT);
        while (xContentParser.nextToken() != XContentParser.Token.END_OBJECT) {
            expectedToken(xContentParser.currentToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            expectFieldName(xContentParser, ConditionalClusterPrivilege.Category.APPLICATION.field);
            expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.START_OBJECT);
            expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.FIELD_NAME);
            expectFieldName(xContentParser, ManageApplicationPrivileges.Fields.MANAGE);
            arrayList.add(ManageApplicationPrivileges.parse(xContentParser));
            expectedToken(xContentParser.nextToken(), xContentParser, XContentParser.Token.END_OBJECT);
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void expectedToken(XContentParser.Token token, XContentParser xContentParser, XContentParser.Token token2) {
        if (token != token2) {
            throw new XContentParseException(xContentParser.getTokenLocation(), "failed to parse privilege. expected [" + token2 + "] but found [" + token + "] instead");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void expectFieldName(XContentParser xContentParser, ParseField... parseFieldArr) throws IOException {
        String currentName = xContentParser.currentName();
        if (Arrays.stream(parseFieldArr).anyMatch(parseField -> {
            return parseField.match(currentName, xContentParser.getDeprecationHandler());
        })) {
        } else {
            throw new XContentParseException(xContentParser.getTokenLocation(), "failed to parse privilege. expected " + (parseFieldArr.length == 1 ? "field name" : "one of") + " [" + Strings.arrayToCommaDelimitedString(parseFieldArr) + "] but found [" + currentName + "] instead");
        }
    }
}
