package org.elasticsearch.xpack.core.security.authz.support;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.xcontent.NamedXContentRegistry;
import org.elasticsearch.xcontent.XContentFactory;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xpack.core.security.support.MustacheTemplateEvaluator;
import org.elasticsearch.xpack.core.security.user.User;

/* loaded from: input_file:lib/x-pack-core-7.17.14.jar:org/elasticsearch/xpack/core/security/authz/support/SecurityQueryTemplateEvaluator.class */
public final class SecurityQueryTemplateEvaluator {

    @FunctionalInterface
    /* loaded from: input_file:lib/x-pack-core-7.17.14.jar:org/elasticsearch/xpack/core/security/authz/support/SecurityQueryTemplateEvaluator$DlsQueryEvaluationContext.class */
    public interface DlsQueryEvaluationContext {
        String evaluate(BytesReference bytesReference);
    }

    private SecurityQueryTemplateEvaluator() {
    }

    public static String evaluateTemplate(String str, ScriptService scriptService, User user) {
        try {
            XContentParser createParser = XContentFactory.xContent(str).createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, str);
            try {
                XContentParser.Token nextToken = createParser.nextToken();
                if (nextToken != XContentParser.Token.START_OBJECT) {
                    throw new ElasticsearchParseException("Unexpected token [" + nextToken + "]", new Object[0]);
                }
                XContentParser.Token nextToken2 = createParser.nextToken();
                if (nextToken2 != XContentParser.Token.FIELD_NAME) {
                    throw new ElasticsearchParseException("Unexpected token [" + nextToken2 + "]", new Object[0]);
                }
                if (!"template".equals(createParser.currentName())) {
                    if (createParser != null) {
                        createParser.close();
                    }
                    return str;
                }
                XContentParser.Token nextToken3 = createParser.nextToken();
                if (nextToken3 != XContentParser.Token.START_OBJECT) {
                    throw new ElasticsearchParseException("Unexpected token [" + nextToken3 + "]", new Object[0]);
                }
                HashMap hashMap = new HashMap();
                hashMap.put("username", user.principal());
                hashMap.put("full_name", user.fullName());
                hashMap.put("email", user.email());
                hashMap.put("roles", Arrays.asList(user.roles()));
                hashMap.put("metadata", Collections.unmodifiableMap(user.metadata()));
                String evaluate = MustacheTemplateEvaluator.evaluate(scriptService, createParser, Collections.singletonMap("_user", hashMap));
                if (createParser != null) {
                    createParser.close();
                }
                return evaluate;
            } finally {
            }
        } catch (IOException e) {
            throw new ElasticsearchParseException("failed to parse query", e, new Object[0]);
        }
    }

    public static DlsQueryEvaluationContext wrap(User user, ScriptService scriptService) {
        return bytesReference -> {
            return evaluateTemplate(bytesReference.utf8ToString(), scriptService, user);
        };
    }
}
