package org.elasticsearch.shield.authz;

import com.google.common.base.Predicate;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.util.concurrent.UncheckedExecutionException;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.BasicOperations;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import org.elasticsearch.common.Strings;
import org.elasticsearch.shield.audit.index.IndexAuditTrail;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.support.AutomatonPredicate;
import org.elasticsearch.shield.support.Automatons;

/* loaded from: input_file:org/elasticsearch/shield/authz/Privilege.class */
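/**
 * Base type for Shield authorization privileges.
 *
 * <p>A privilege pairs a {@link Name} with a predicate over action names (for example
 * {@code cluster:monitor/health}). The concrete kinds are {@link Cluster}, {@link Index},
 * {@link General} and the internal {@link System} privilege.
 *
 * <p>Security-relevant points a reviewer should keep in mind:
 * <ul>
 *   <li>{@link #equals(Object)} compares the runtime class and the name only. Two privileges
 *       with the same name but different action sets are considered equal.</li>
 *   <li>Validation inside {@link Name} is done with {@code assert}; it is inactive unless the
 *       JVM runs with assertions enabled.</li>
 *   <li>This listing is decompiler output. Several members were widened from their original
 *       visibility according to the decompiler's own notes; treat the visibility shown here
 *       with caution.</li>
 * </ul>
 *
 * @param <P> the concrete privilege type (self type)
 */
public abstract class Privilege<P extends Privilege<P>> {
    /** Suffix appended to a concrete action name to build the pattern used for it. */
    static final String SUB_ACTION_SUFFIX_PATTERN = "*";

    /** Privilege used for internal (system) actions; see {@link System#PREDICATE}. */
    public static final System SYSTEM = new System();

    /** Health and statistics monitoring actions, at cluster and index level. */
    public static final General HEALTH_AND_STATS = new General("health_and_stats", "cluster:monitor/health*", "cluster:monitor/stats*", "indices:monitor/stats*", "cluster:monitor/nodes/stats*");

    protected final Name name;

    /**
     * A privilege whose action set is described by an {@link Automaton}.
     *
     * <p>The decompiler reports that this class and its constructors were originally
     * {@code private}; subclasses outside {@link Privilege} were presumably not intended.
     *
     * @param <P> the concrete privilege type (self type)
     */
    public static abstract class AutomatonPrivilege<P extends AutomatonPrivilege<P>> extends Privilege<P> {
        protected final Automaton automaton;

        private AutomatonPrivilege(String str, String... strArr) {
            super(new Name(str));
            this.automaton = Automatons.patterns(strArr);
        }

        private AutomatonPrivilege(Name name, String... strArr) {
            super(name);
            this.automaton = Automatons.patterns(strArr);
        }

        private AutomatonPrivilege(Name name, Automaton automaton) {
            super(name);
            this.automaton = automaton;
        }

        /** Returns a fresh predicate that tests action names against this privilege's automaton. */
        @Override
        public Predicate<String> predicate() {
            return new AutomatonPredicate(this.automaton);
        }

        /**
         * Combines this privilege with {@code p}.
         *
         * @return {@code p} if it already implies this privilege, this privilege if it already
         *         implies {@code p}, otherwise a new privilege built from both names and both
         *         automata
         */
        @SuppressWarnings("unchecked") // 'this' is always an instance of the self type P
        protected P plus(P p) {
            P self = (P) this;
            if (p.implies(self)) {
                return p;
            }
            if (implies(p)) {
                return self;
            }
            return create(this.name.add(p.name), Automatons.unionAndDeterminize(this.automaton, p.automaton));
        }

        /**
         * Removes {@code p} from this privilege.
         *
         * <p>Note the asymmetry: a subtraction only happens when this privilege fully implies
         * {@code p}. If the two merely overlap, this privilege is returned unchanged and nothing
         * is removed.
         *
         * @return {@link #none()} if {@code p} implies this privilege; this privilege if
         *         {@code p} is {@link #none()} or is not implied by this privilege; otherwise a
         *         new privilege with {@code p}'s name parts and automaton subtracted
         */
        @SuppressWarnings("unchecked") // 'this' is always an instance of the self type P
        protected P minus(P p) {
            P self = (P) this;
            if (p.implies(self)) {
                return none();
            }
            if (p == none() || !implies(p)) {
                return self;
            }
            return create(this.name.remove(p.name), Automatons.minusAndDeterminize(this.automaton, p.automaton));
        }

        /**
         * Returns {@code true} when the action set of {@code p} is a subset of this privilege's
         * action set (automaton subset test).
         */
        @Override
        public boolean implies(P p) {
            return BasicOperations.subsetOf(p.automaton, this.automaton);
        }

        @Override
        public String toString() {
            return this.name.toString();
        }

        /** Builds a new instance of the concrete type from a name and an automaton. */
        protected abstract P create(Name name, Automaton automaton);

        /** Returns the concrete type's empty privilege. */
        protected abstract P none();
    }

    /**
     * Cluster-level privileges.
     *
     * <p>{@code manage} is defined as every cluster action minus the security administration
     * actions ({@code cluster:admin/shield/*} and {@code cluster:admin/xpack/security/*}), so
     * the security administration actions must be granted separately through
     * {@code manage_security} or {@code manage_shield}.
     */
    public static class Cluster extends AutomatonPrivilege<Cluster> {
        private static final Automaton MANAGE_SECURITY_AUTOMATON = Automatons.patterns("cluster:admin/shield/*", "cluster:admin/xpack/security/*");
        private static final Automaton MANAGE_SHIELD_AUTOMATON = Automatons.patterns("cluster:admin/shield/*");
        private static final Automaton MONITOR_AUTOMATON = Automatons.patterns("cluster:monitor/*");
        private static final Automaton ALL_CLUSTER_AUTOMATON = Automatons.patterns("cluster:*", "indices:admin/template/*");
        private static final Automaton MANAGE_AUTOMATON = Automatons.minusAndDeterminize(ALL_CLUSTER_AUTOMATON, MANAGE_SECURITY_AUTOMATON);
        private static final Automaton TRANSPORT_CLIENT_AUTOMATON = Automatons.patterns("cluster:monitor/nodes/liveness", "cluster:monitor/state");
        private static final Automaton MANAGE_IDX_TEMPLATE_AUTOMATON = Automatons.patterns("indices:admin/template/*");
        public static final Cluster NONE = new Cluster(Name.NONE, Automatons.EMPTY);
        public static final Cluster ALL = new Cluster(Name.ALL, ALL_CLUSTER_AUTOMATON);
        public static final Cluster MONITOR = new Cluster("monitor", MONITOR_AUTOMATON);
        public static final Cluster MANAGE = new Cluster("manage", MANAGE_AUTOMATON);
        public static final Cluster MANAGE_IDX_TEMPLATES = new Cluster("manage_index_templates", MANAGE_IDX_TEMPLATE_AUTOMATON);
        public static final Cluster TRANSPORT_CLIENT = new Cluster("transport_client", TRANSPORT_CLIENT_AUTOMATON);
        public static final Cluster MANAGE_SECURITY = new Cluster("manage_security", MANAGE_SECURITY_AUTOMATON);
        public static final Cluster MANAGE_SHIELD = new Cluster("manage_shield", MANAGE_SHIELD_AUTOMATON);

        /** Accepts every action name covered by {@link #ALL}. */
        static final Predicate<String> ACTION_MATCHER = ALL.predicate();

        /** Registry of named cluster privileges: the predefined ones plus custom registrations. */
        private static final Set<Cluster> values = new CopyOnWriteArraySet<>();

        // No size bound or expiry is configured, so resolved names are cached for the life of
        // the class. NOTE(review): if Name values can be derived from unbounded external input,
        // consider bounding this cache - confirm against callers.
        private static final LoadingCache<Name, Cluster> cache;

        /** Returns the live registry set, not a copy. */
        static Set<Cluster> values() {
            return values;
        }

        private Cluster(String str, String... strArr) {
            super(str, strArr);
        }

        private Cluster(String str, Automaton automaton) {
            super(new Name(str), automaton);
        }

        private Cluster(Name name, String... strArr) {
            super(name, strArr);
        }

        private Cluster(Name name, Automaton automaton) {
            super(name, automaton);
        }

        /**
         * Registers a custom named cluster privilege.
         *
         * <p>NOTE(review): {@link #resolve(String)} lower-cases its input and tries the action
         * matcher before the registry, so a name registered here with upper-case characters, or
         * a name that itself matches the action matcher, cannot be looked up by name. The name
         * is not normalized here.
         *
         * @param str    the privilege name
         * @param strArr the action patterns; each must be accepted by {@link #ACTION_MATCHER}
         * @throws IllegalArgumentException if a pattern is rejected or the name is already taken
         */
        public static void addCustom(String str, String... strArr) {
            for (String action : strArr) {
                if (!ACTION_MATCHER.apply(action)) {
                    throw new IllegalArgumentException("cannot register custom cluster privilege [" + str + "]. cluster action must follow the 'cluster:*' format");
                }
            }
            // add() is a single atomic check-and-insert; a separate contains() followed by add()
            // would let two concurrent registrations of the same name both pass the check.
            if (!values.add(new Cluster(str, strArr))) {
                throw new IllegalArgumentException("cannot register custom cluster privilege [" + str + "] as it already exists.");
            }
        }

        /**
         * {@inheritDoc}
         *
         * <p>NOTE(review): unlike {@link Index#create(Name, Automaton)}, this does not map
         * {@link Name#NONE} back to {@link #NONE}, so a privilege named "none" that still
         * carries a non-empty automaton can be produced. Confirm whether that is intended.
         * Declared {@code protected} originally, per the decompiler's notes.
         */
        @Override
        public Cluster create(Name name, Automaton automaton) {
            return new Cluster(name, automaton);
        }

        /** Declared {@code protected} originally, per the decompiler's notes. */
        @Override
        public Cluster none() {
            return NONE;
        }

        /**
         * Builds an ad-hoc privilege for a single action name. The pattern used is the action
         * name with {@link Privilege#SUB_ACTION_SUFFIX_PATTERN} appended, so the result is
         * presumably broader than the exact action name (it also covers names sharing that
         * prefix) - confirm against {@code Automatons.patterns}.
         */
        public static Cluster action(String str) {
            return new Cluster(str, actionToPattern(str));
        }

        /**
         * Returns the privilege for {@code name}, resolving and combining its parts on first use.
         *
         * @throws RuntimeException the original failure raised while resolving a part
         *         (for example {@link IllegalArgumentException} for an unknown privilege)
         */
        public static Cluster get(Name name) {
            try {
                return cache.getUnchecked(name);
            } catch (UncheckedExecutionException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RuntimeException) {
                    throw (RuntimeException) cause;
                }
                // Do not hide a checked cause behind a ClassCastException.
                throw e;
            }
        }

        /**
         * Resolves one name part. The lower-cased input is first tested against
         * {@link #ACTION_MATCHER} and, if accepted, treated as an action pattern; only
         * otherwise is it looked up among the registered privilege names. Declared
         * {@code private} originally, per the decompiler's notes.
         *
         * @throws IllegalArgumentException if the input is neither an action nor a known name
         */
        public static Cluster resolve(String str) {
            String lowerCase = str.toLowerCase(Locale.ROOT);
            if (ACTION_MATCHER.apply(lowerCase)) {
                return action(lowerCase);
            }
            for (Cluster cluster : values) {
                if (lowerCase.equals(cluster.name.toString())) {
                    return cluster;
                }
            }
            throw new IllegalArgumentException("unknown cluster privilege [" + lowerCase + "]. a privilege must be either one of the predefined fixed cluster privileges [" + Strings.collectionToCommaDelimitedString(values) + "] or a pattern over one of the available cluster actions");
        }

        // Compiler-generated bridge surfaced by the decompiler; delegates to the superclass.
        @Override
        public String toString() {
            return super.toString();
        }

        // Compiler-generated bridge surfaced by the decompiler; delegates to the superclass.
        @Override
        public Predicate<String> predicate() {
            return super.predicate();
        }

        static {
            values.add(NONE);
            values.add(ALL);
            values.add(MONITOR);
            values.add(MANAGE);
            values.add(MANAGE_SHIELD);
            values.add(MANAGE_SECURITY);
            values.add(TRANSPORT_CLIENT);
            values.add(MANAGE_IDX_TEMPLATES);
            cache = CacheBuilder.newBuilder().build(new CacheLoader<Name, Cluster>() {
                @Override
                public Cluster load(Name name) throws Exception {
                    // Fold the parts together: the first part replaces NONE, later parts are added.
                    Cluster combined = Cluster.NONE;
                    for (String part : name.parts) {
                        combined = combined == Cluster.NONE ? Cluster.resolve(part) : combined.plus(Cluster.resolve(part));
                    }
                    return combined;
                }
            });
        }
    }

    /** A free-form automaton privilege that is not tied to the cluster or index registries. */
    public static class General extends AutomatonPrivilege<General> {
        public static final General NONE = new General(Name.NONE, Automatons.EMPTY);

        public General(String str, String... strArr) {
            super(str, strArr);
        }

        public General(Name name, String... strArr) {
            super(name, strArr);
        }

        public General(Name name, Automaton automaton) {
            super(name, automaton);
        }

        /** Declared {@code protected} originally, per the decompiler's notes. */
        @Override
        public General create(Name name, Automaton automaton) {
            return new General(name, automaton);
        }

        /** Declared {@code protected} originally, per the decompiler's notes. */
        @Override
        public General none() {
            return NONE;
        }

        // Compiler-generated bridge surfaced by the decompiler; delegates to the superclass.
        @Override
        public String toString() {
            return super.toString();
        }

        // Compiler-generated bridge surfaced by the decompiler; delegates to the superclass.
        @Override
        public Predicate<String> predicate() {
            return super.predicate();
        }
    }

    /** Index-level privileges. */
    public static class Index extends AutomatonPrivilege<Index> {
        private static final Automaton ALL_AUTOMATON = Automatons.patterns("indices:*");
        private static final Automaton READ_AUTOMATON = Automatons.patterns("indices:data/read/*");
        private static final Automaton CREATE_AUTOMATON = Automatons.patterns("indices:data/write/index*");
        private static final Automaton INDEX_AUTOMATON = Automatons.patterns("indices:data/write/index*", "indices:data/write/update*");
        private static final Automaton DELETE_AUTOMATON = Automatons.patterns("indices:data/write/delete*");
        private static final Automaton WRITE_AUTOMATON = Automatons.patterns("indices:data/write/*");
        private static final Automaton MONITOR_AUTOMATON = Automatons.patterns("indices:monitor/*");
        private static final Automaton MANAGE_AUTOMATON = Automatons.unionAndDeterminize(MONITOR_AUTOMATON, Automatons.patterns("indices:admin/*"));
        private static final Automaton CREATE_INDEX_AUTOMATON = Automatons.patterns("indices:admin/create");
        private static final Automaton DELETE_INDEX_AUTOMATON = Automatons.patterns("indices:admin/delete");
        private static final Automaton VIEW_METADATA_AUTOMATON = Automatons.patterns("indices:admin/aliases/get", "indices:admin/aliases/exists", "indices:admin/get", "indices:admin/exists", "indices:admin/mappings/fields/get*", "indices:admin/mappings/get", "indices:admin/shards/search_shards", "indices:admin/types/exists", "indices:admin/validate/query*", "indices:admin/warmers/get", "indices:monitor/settings/get");
        public static final Index NONE = new Index(Name.NONE, Automatons.EMPTY);
        public static final Index ALL = new Index(Name.ALL, ALL_AUTOMATON);
        public static final Index READ = new Index("read", READ_AUTOMATON);
        public static final Index CREATE = new Index("create", CREATE_AUTOMATON);
        // NOTE(review): the name comes from IndexAuditTrail.NAME in this decompiled listing;
        // presumably the decompiler substituted a constant for an equal string literal - confirm.
        public static final Index INDEX = new Index(IndexAuditTrail.NAME, INDEX_AUTOMATON);
        public static final Index DELETE = new Index("delete", DELETE_AUTOMATON);
        public static final Index WRITE = new Index("write", WRITE_AUTOMATON);
        public static final Index MONITOR = new Index("monitor", MONITOR_AUTOMATON);
        public static final Index MANAGE = new Index("manage", MANAGE_AUTOMATON);
        public static final Index DELETE_INDEX = new Index("delete_index", DELETE_INDEX_AUTOMATON);
        public static final Index CREATE_INDEX = new Index("create_index", CREATE_INDEX_AUTOMATON);
        public static final Index VIEW_METADATA = new Index("view_index_metadata", VIEW_METADATA_AUTOMATON);
        public static final Index MANAGE_ALIASES = new Index("manage_aliases", "indices:admin/aliases*");
        public static final Index DATA_ACCESS = new Index("data_access", "indices:data/*");
        public static final Index CRUD = new Index("crud", "indices:data/write/*", "indices:data/read/*");
        public static final Index SEARCH = new Index("search", "indices:data/read/search*", "indices:data/read/msearch*", "indices:data/read/suggest*");
        public static final Index GET = new Index("get", "indices:data/read/get*", "indices:data/read/mget*");
        public static final Index SUGGEST = new Index("suggest", "indices:data/read/suggest*");

        /** Registry of named index privileges: the predefined ones plus custom registrations. */
        private static final Set<Index> values = new CopyOnWriteArraySet<>();

        /** Accepts every action name covered by {@link #ALL}. */
        public static final Predicate<String> ACTION_MATCHER;

        /** Accepts the action names covered by {@link #CREATE_INDEX}. */
        public static final Predicate<String> CREATE_INDEX_MATCHER;

        // No size bound or expiry is configured, so resolved names are cached for the life of
        // the class. NOTE(review): if Name values can be derived from unbounded external input,
        // consider bounding this cache - confirm against callers.
        private static final LoadingCache<Name, Index> cache;

        /** Returns the live registry set, not a copy. */
        static Set<Index> values() {
            return values;
        }

        private Index(String str, String... strArr) {
            super(str, strArr);
        }

        private Index(String str, Automaton automaton) {
            super(new Name(str), automaton);
        }

        private Index(Name name, String... strArr) {
            super(name, strArr);
        }

        private Index(Name name, Automaton automaton) {
            super(name, automaton);
        }

        /**
         * Registers a custom named index privilege.
         *
         * <p>NOTE(review): {@link #resolve(String)} lower-cases its input and tries the action
         * matcher before the registry, so a name registered here with upper-case characters, or
         * a name that itself matches the action matcher, cannot be looked up by name. The name
         * is not normalized here.
         *
         * @param str    the privilege name
         * @param strArr the action patterns; each must be accepted by {@link #ACTION_MATCHER}
         * @throws IllegalArgumentException if a pattern is rejected or the name is already taken
         */
        public static void addCustom(String str, String... strArr) {
            for (String action : strArr) {
                if (!ACTION_MATCHER.apply(action)) {
                    throw new IllegalArgumentException("cannot register custom index privilege [" + str + "]. index action must follow the 'indices:*' format");
                }
            }
            // add() is a single atomic check-and-insert; a separate contains() followed by add()
            // would let two concurrent registrations of the same name both pass the check.
            if (!values.add(new Index(str, strArr))) {
                throw new IllegalArgumentException("cannot register custom index privilege [" + str + "] as it already exists.");
            }
        }

        /**
         * {@inheritDoc}
         *
         * <p>Returns {@link #NONE} when the name is the {@link Name#NONE} instance (identity
         * comparison), discarding the supplied automaton. Declared {@code protected}
         * originally, per the decompiler's notes.
         */
        @Override
        public Index create(Name name, Automaton automaton) {
            return name == Name.NONE ? NONE : new Index(name, automaton);
        }

        /** Declared {@code protected} originally, per the decompiler's notes. */
        @Override
        public Index none() {
            return NONE;
        }

        /**
         * Builds an ad-hoc privilege for a single action name. The pattern used is the action
         * name with {@link Privilege#SUB_ACTION_SUFFIX_PATTERN} appended, so the result is
         * presumably broader than the exact action name (it also covers names sharing that
         * prefix) - confirm against {@code Automatons.patterns}.
         */
        public static Index action(String str) {
            return new Index(str, actionToPattern(str));
        }

        /**
         * Returns the privilege for {@code name}, resolving and combining its parts on first use.
         *
         * @throws RuntimeException the original failure raised while resolving a part
         *         (for example {@link IllegalArgumentException} for an unknown privilege)
         */
        public static Index get(Name name) {
            try {
                return cache.getUnchecked(name);
            } catch (UncheckedExecutionException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RuntimeException) {
                    throw (RuntimeException) cause;
                }
                // Do not hide a checked cause behind a ClassCastException.
                throw e;
            }
        }

        /** Combines the given privileges with {@code plus}, starting from {@link #NONE}. */
        public static Index union(Index... indexArr) {
            Index combined = NONE;
            for (Index index : indexArr) {
                combined = combined.plus(index);
            }
            return combined;
        }

        /**
         * Resolves one name part. The lower-cased input is first tested against
         * {@link #ACTION_MATCHER} and, if accepted, treated as an action pattern; only
         * otherwise is it looked up among the registered privilege names. Declared
         * {@code private} originally, per the decompiler's notes.
         *
         * @throws IllegalArgumentException if the input is neither an action nor a known name
         */
        public static Index resolve(String str) {
            String lowerCase = str.toLowerCase(Locale.ROOT);
            if (ACTION_MATCHER.apply(lowerCase)) {
                return action(lowerCase);
            }
            for (Index index : values) {
                // lowerCase is already normalized; no second toLowerCase is needed.
                if (lowerCase.equals(index.name.toString())) {
                    return index;
                }
            }
            throw new IllegalArgumentException("unknown index privilege [" + lowerCase + "]. a privilege must be either one of the predefined fixed indices privileges [" + Strings.collectionToCommaDelimitedString(values) + "] or a pattern over one of the available index actions");
        }

        // Compiler-generated bridge surfaced by the decompiler; delegates to the superclass.
        @Override
        public String toString() {
            return super.toString();
        }

        // Compiler-generated bridge surfaced by the decompiler; delegates to the superclass.
        @Override
        public Predicate<String> predicate() {
            return super.predicate();
        }

        static {
            values.add(NONE);
            values.add(ALL);
            values.add(MANAGE);
            values.add(CREATE);
            values.add(CREATE_INDEX);
            values.add(DELETE_INDEX);
            values.add(MANAGE_ALIASES);
            values.add(MONITOR);
            values.add(DATA_ACCESS);
            values.add(CRUD);
            values.add(READ);
            values.add(SEARCH);
            values.add(GET);
            values.add(SUGGEST);
            values.add(INDEX);
            values.add(DELETE);
            values.add(WRITE);
            values.add(VIEW_METADATA);
            ACTION_MATCHER = ALL.predicate();
            CREATE_INDEX_MATCHER = CREATE_INDEX.predicate();
            cache = CacheBuilder.newBuilder().build(new CacheLoader<Name, Index>() {
                @Override
                public Index load(Name name) throws Exception {
                    // Fold the parts together: the first part replaces NONE, later parts are added.
                    Index combined = Index.NONE;
                    for (String part : name.parts) {
                        combined = combined == Index.NONE ? Index.resolve(part) : combined.plus(Index.resolve(part));
                    }
                    return combined;
                }
            });
        }
    }

    /**
     * A privilege name, held as an immutable set of parts and printed comma-delimited.
     *
     * <p>The argument checks in the constructors are {@code assert} statements, so they only
     * run when assertions are enabled. Without them a single-part name containing a comma is
     * accepted, and its {@link #toString()} is then indistinguishable from that of a
     * multi-part name even though the two are not {@link #equals(Object) equal}.
     */
    public static class Name {
        public static final Name NONE = new Name("none");
        public static final Name ALL = new Name("all");
        private final ImmutableSet<String> parts;

        public Name(String str) {
            assert str != null && !str.contains(",") : "single string name should not be null or contain commas";
            this.parts = ImmutableSet.of(str);
        }

        public Name(Set<String> set) {
            assert !set.isEmpty() : "cannot create a Name from an empty list of parts";
            this.parts = ImmutableSet.copyOf(set);
        }

        public Name(String... strArr) {
            this((Set<String>) ImmutableSet.copyOf(strArr));
        }

        /** Returns the parts joined with commas. */
        @Override
        public String toString() {
            return Strings.collectionToCommaDelimitedString(this.parts);
        }

        /** Returns a new name holding the union of both part sets. */
        public Name add(Name name) {
            return new Name((Set<String>) Sets.union(this.parts, name.parts));
        }

        /**
         * Returns a new name without the parts of {@code name}, or the {@link #NONE} instance
         * when no part is left.
         */
        public Name remove(Name name) {
            Sets.SetView<String> difference = Sets.difference(this.parts, name.parts);
            return difference.isEmpty() ? NONE : new Name((Set<String>) difference);
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.parts.equals(((Name) obj).parts);
        }

        @Override
        public int hashCode() {
            return this.parts.hashCode();
        }
    }

    /**
     * The internal privilege. Its predicate accepts {@code internal:*} plus the monitoring,
     * reroute and put-mapping actions listed in {@link #PREDICATE}.
     */
    public static class System extends Privilege<System> {
        protected static final Predicate<String> PREDICATE = new AutomatonPredicate(Automatons.patterns("internal:*", "indices:monitor/*", "cluster:monitor/*", "cluster:admin/reroute", "indices:admin/mapping/put"));

        private System() {
            super(new Name("internal"));
        }

        @Override
        public Predicate<String> predicate() {
            return PREDICATE;
        }

        /** Always {@code true}; the argument is not inspected. */
        @Override
        public boolean implies(System system) {
            return true;
        }
    }

    private Privilege(Name name) {
        this.name = name;
    }

    /** Returns this privilege's name. */
    public Name name() {
        return this.name;
    }

    /**
     * Two privileges are equal when they have the same runtime class and equal names. The
     * action set is not compared.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        Privilege<?> other = (Privilege<?>) obj;
        return this.name != null ? this.name.equals(other.name) : other.name == null;
    }

    @Override
    public int hashCode() {
        return this.name != null ? this.name.hashCode() : 0;
    }

    /** Returns the predicate that decides which action names this privilege covers. */
    public abstract Predicate<String> predicate();

    /** Returns {@code true} when this privilege covers everything {@code p} covers. */
    public abstract boolean implies(P p);

    /** Returns {@code true} when this privilege and {@code p} imply each other. */
    @SuppressWarnings("unchecked") // 'this' is always an instance of the self type P
    public boolean isAlias(P p) {
        return implies(p) && p.implies((P) this);
    }

    /** Turns an action name into its pattern by appending {@link #SUB_ACTION_SUFFIX_PATTERN}. */
    static String actionToPattern(String str) {
        return str + SUB_ACTION_SUFFIX_PATTERN;
    }
}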
