package org.elasticsearch.xpack.core.security.authz;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.cluster.metadata.IndexAbstraction;
import org.elasticsearch.common.Strings;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xpack.core.security.action.user.GetUserPrivilegesRequest;
import org.elasticsearch.xpack.core.security.action.user.GetUserPrivilegesResponse;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesRequest;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilegeDescriptor;

/* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine.class */
public interface AuthorizationEngine {

    @FunctionalInterface
    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$AsyncSupplier.class */
    public interface AsyncSupplier<V> {
        void getAsync(ActionListener<V> actionListener);
    }

    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$AuthorizationContext.class */
    public static final class AuthorizationContext {
        private final String action;
        private final AuthorizationInfo authorizationInfo;
        private final IndicesAccessControl indicesAccessControl;

        public AuthorizationContext(String str, AuthorizationInfo authorizationInfo, IndicesAccessControl indicesAccessControl) {
            this.action = str;
            this.authorizationInfo = authorizationInfo;
            this.indicesAccessControl = indicesAccessControl;
        }

        public String getAction() {
            return this.action;
        }

        public AuthorizationInfo getAuthorizationInfo() {
            return this.authorizationInfo;
        }

        public IndicesAccessControl getIndicesAccessControl() {
            return this.indicesAccessControl;
        }
    }

    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$AuthorizationInfo.class */
    public interface AuthorizationInfo {
        Map<String, Object> asMap();

        default AuthorizationInfo getAuthenticatedUserAuthorizationInfo() {
            return this;
        }
    }

    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$AuthorizationResult.class */
    public static class AuthorizationResult {
        private final boolean granted;
        private final boolean auditable;

        public AuthorizationResult(boolean z) {
            this(z, true);
        }

        public AuthorizationResult(boolean z, boolean z2) {
            this.granted = z;
            this.auditable = z2;
        }

        public boolean isGranted() {
            return this.granted;
        }

        public boolean isAuditable() {
            return this.auditable;
        }

        @Nullable
        public String getFailureContext() {
            return null;
        }

        public static AuthorizationResult granted() {
            return new AuthorizationResult(true);
        }

        public static AuthorizationResult deny() {
            return new AuthorizationResult(false);
        }
    }

    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$EmptyAuthorizationInfo.class */
    public static final class EmptyAuthorizationInfo implements AuthorizationInfo {
        public static final EmptyAuthorizationInfo INSTANCE = new EmptyAuthorizationInfo();

        private EmptyAuthorizationInfo() {
        }

        @Override // org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationInfo
        public Map<String, Object> asMap() {
            return Collections.emptyMap();
        }
    }

    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$IndexAuthorizationResult.class */
    public static class IndexAuthorizationResult extends AuthorizationResult {
        private final IndicesAccessControl indicesAccessControl;

        public IndexAuthorizationResult(boolean z, IndicesAccessControl indicesAccessControl) {
            super(indicesAccessControl == null || indicesAccessControl.isGranted(), z);
            this.indicesAccessControl = indicesAccessControl;
        }

        @Override // org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationResult
        public String getFailureContext() {
            if (isGranted()) {
                return null;
            }
            return getFailureDescription(this.indicesAccessControl.getDeniedIndices());
        }

        public static String getFailureDescription(Collection<?> collection) {
            if (collection.isEmpty()) {
                return null;
            }
            return "on indices [" + Strings.collectionToCommaDelimitedString(collection) + "]";
        }

        public IndicesAccessControl getIndicesAccessControl() {
            return this.indicesAccessControl;
        }
    }

    /* loaded from: input_file:lib/x-pack-core-7.17.18.jar:org/elasticsearch/xpack/core/security/authz/AuthorizationEngine$RequestInfo.class */
    public static final class RequestInfo {
        private final Authentication authentication;
        private final TransportRequest request;
        private final String action;

        @Nullable
        private final AuthorizationContext originatingAuthorizationContext;

        public RequestInfo(Authentication authentication, TransportRequest transportRequest, String str, AuthorizationContext authorizationContext) {
            this.authentication = (Authentication) Objects.requireNonNull(authentication);
            this.request = (TransportRequest) Objects.requireNonNull(transportRequest);
            this.action = (String) Objects.requireNonNull(str);
            this.originatingAuthorizationContext = authorizationContext;
        }

        public String getAction() {
            return this.action;
        }

        public Authentication getAuthentication() {
            return this.authentication;
        }

        public TransportRequest getRequest() {
            return this.request;
        }

        @Nullable
        public AuthorizationContext getOriginatingAuthorizationContext() {
            return this.originatingAuthorizationContext;
        }

        public String toString() {
            return getClass().getSimpleName() + "{authentication=[" + this.authentication + "], request=[" + this.request + "], action=[" + this.action + "], parent=[" + this.originatingAuthorizationContext + "]}";
        }
    }

    void resolveAuthorizationInfo(RequestInfo requestInfo, ActionListener<AuthorizationInfo> actionListener);

    void authorizeRunAs(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, ActionListener<AuthorizationResult> actionListener);

    void authorizeClusterAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, ActionListener<AuthorizationResult> actionListener);

    void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, AsyncSupplier<ResolvedIndices> asyncSupplier, Map<String, IndexAbstraction> map, ActionListener<IndexAuthorizationResult> actionListener);

    void loadAuthorizedIndices(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, Map<String, IndexAbstraction> map, ActionListener<Set<String>> actionListener);

    void validateIndexPermissionsAreSubset(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, Map<String, List<String>> map, ActionListener<AuthorizationResult> actionListener);

    void checkPrivileges(Authentication authentication, AuthorizationInfo authorizationInfo, HasPrivilegesRequest hasPrivilegesRequest, Collection<ApplicationPrivilegeDescriptor> collection, ActionListener<HasPrivilegesResponse> actionListener);

    void getUserPrivileges(Authentication authentication, AuthorizationInfo authorizationInfo, GetUserPrivilegesRequest getUserPrivilegesRequest, ActionListener<GetUserPrivilegesResponse> actionListener);
}
